Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 21, 2024, 2:28 p.m.	Oct. 21, 2024, 2:38 p.m.

Size	387.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fa3f3956695fa1ff108e351a4d75da65`
SHA256	`d30e92d8cf21a0da2fe7689e665b53b80b789e11a5bb31f7e86c989bf639578f`
CRC32	`0C45421D`
ssdeep	`12288:NYeutcvs4g2TcRw3GRjnTLokV2XWgO8hFB:u3k74RASnfwGgO8h`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

file.exe "C:\Users\test22\AppData\Local\Temp\file.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	.vafuni
section	.rolobe
section	.huho
section	.zokesu

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 21, 2024, 2:28 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010ba000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 21, 2024, 2:28 p.m.	process_identifier: 2552 region_size: 114688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00300000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (48 events)

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_ICON

language

LANG_GEORGIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x008379d8

size

0x00000468

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

name

RT_GROUP_ICON

language

LANG_GEORGIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00837e40

size

0x00000076

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002e000', u'virtual_address': u'0x00001000', u'entropy': 7.302407140979615, u'name': u'.text', u'virtual_size': u'0x0002dfee'}

entropy

7.30240714098

description

A section with a high entropy has been found

entropy

0.476067270375

description

Overall entropy of this PE file is high

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W32.AIDetectMalware
Lionic	Hacktool.Win32.Shellcode.3!c
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Stop.P5
Skyhigh	BehavesLike.Win32.Corrupt.fh
ALYac	Trojan.GenericKDZ.70316
Cylance	Unsafe
VIPRE	Trojan.GenericKDZ.70316
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKDZ.70316
K7GW	Trojan ( 0056fa4e1 )
K7AntiVirus	Trojan ( 0056fa4e1 )
Arcabit	Trojan.Generic.D112AC
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HGJC
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
ClamAV	Win.Dropper.Glupteba-9770987-0
Kaspersky	HEUR:Exploit.Win32.Shellcode.gen
Alibaba	Trojan:Win32/Azorult.943db140
NANO-Antivirus	Trojan.Win32.AntiAV.hynjhz
MicroWorld-eScan	Trojan.GenericKDZ.70316
Rising	Trojan.Kryptik!1.CC8E (CLASSIC)
Emsisoft	Trojan.GenericKDZ.70316 (B)
F-Secure	Heuristic.HEUR/AGEN.1311789
DrWeb	Trojan.DownLoader34.49967
Zillya	Trojan.Kryptik.Win32.2844128
McAfeeD	Real Protect-LS!FA3F3956695F
Trapmine	suspicious.low.ml.score
CTX	exe.trojan.antiav
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.fa3f3956695fa1ff
Jiangmin	NetTool.TorTool.gv
Webroot	W32.Adware.Gen
Google	Detected
Avira	HEUR/AGEN.1311789
Antiy-AVL	Trojan/Win32.AntiAV
Kingsoft	malware.kb.a.1000
Gridinsoft	Trojan.Heur!.02014021
Microsoft	Trojan:Win32/Azorult.SK!MSR
ZoneAlarm	HEUR:Exploit.Win32.Shellcode.gen
GData	Trojan.GenericKDZ.70316
Varist	W32/Kryptik.CAM.gen!Eldorado
AhnLab-V3	Trojan/Win32.MalPe.R352088
McAfee	Lockbit-GCZ!FA3F3956695F
DeepInstinct	MALICIOUS

file.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All